Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

The National Infrastructure Protection Center said that hacker groups in China are planning distributed denial of service attacks on US and UK web sites. The attacks are expected soon in part because today is the anniversary of the collision of the US surveillance plane and the Chinese fighter jet on April 1, 2002. The attacks are expected to be the result of protests against the war in Iraq. -http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html

European Union Requires Standard Cyber Crime Laws (28 March 2003)

The Council of the European Union has agreed on a common approach for anti-hacking regulations. Each member state has until December 31, 2003 to adopt the new rules that make unauthorized access a criminal offense and that call for jail time for serious offenders. Some observers were concerned that email protests could be criminalized. -http://www.net-security.org/news.php?id=2267 -http://www.iht.com/articles/88499.html

THE REST OF THE WEEK'S NEWS

Loren Anderson, the teen accused of using stolen identities to raid bank accounts through ATM machines, saw his bail reduced when his father, a cyber security director at IBM, promised to control his son, and his son's defense attorney promised Loren would have no access to computers. -http://www.nypost.com/news/regionalnews/72102.htm

Ganda Virus Creator Could Face Up To Four Years In Prison (26 March 2003)

Cell Phone Flaws Can Thwart Emergency Response (30 March 2003)

Using a cell phone to contact emergency services by dialing 911 can take the caller to the wrong jurisdiction (one located far from the caller's location) and delay emergency response. In addition, regulators are not advocating global positioning system (GPS) capability in cell phones that could save lives by pinpointing the location of callers in distress. -http://www.washingtonpost.com/wp-dyn/articles/A54802-2003Mar30.html

Microsoft's statement that it would not offer a version of a security patch for NT 4.0 has called into question an earlier promise to continue supporting the operating system through the end of 2004 and raised concern among its customers. The new vulnerability could expose computers running the operating systems to a denial of service attack, Microsoft warned in its security bulletin, MS03-010, on Wednesday. The bulletin contained patches for Windows 2000 and XP. -http://www.infoworld.com/article/03/03/28/HNmspatch_1.html Microsoft's Bulletin: -http://www.microsoft.com/technet/security/bulletin/MS03-010.asp

Congressman Challenges Bush Administration To Up IT Security Funding (27 March 2003)

Rep. Sherwood Boehlert (R-N.Y.) today said the Bush administration has failed to put its cybersecurity money where its mouth is. He also called for creation of a senior advisory post for IT security within the Homeland Security Department. -http://www.gcn.com/vol1_no1/daily-updates/21505-1.html

Policy Makers Struggle With Privacy vs. Security (20 March 2003)

A Congressional Internet Caucus meeting focused on the privacy/security tradeoff. Speakers suggested that power was being misused and should be constrained while other speakers said that the security measures being instituted by the U.S. government are much less intrusive than those taken by other wartime Presidents. -http://www.infoworld.com/article/03/03/20/HNprivacy_1.html

[Editor's Note (Schultz): Unfortunately, privacy has not been very much of a major concern in the U.S. (as opposed to in many European countries) so far, as evidenced by the existence of little privacy protection legislation. Perhaps erosion of what little privacy protection we have will help awaken the public (and ultimately legislators) to the need for better privacy protection.]

Internet Security Systems' Internet Scanner came in first in a competition with Nessus (2), NetRecon (3), and SAINT and Retina, when judged by the number of common flaws found. Internet Security Magazine's testing also found that none of the vulnerability testers did a good job of mapping the large network and every one of the systems crashed at least one server or application. -http://www.infosecuritymag.com/2003/mar/cover.shtml

[Editor's Note (Paller): The article is definitely worth reading, but leaving out Qualys, Foundstone and Tenable Security makes it less than useful as a buyer's guide.]

Gartner Lists Top Security Issues for 2003 (28 March 2003)

Gartner analyst Victor Wheatman lists Web service security, wireless LAN security, identity management, intrusion prevention, event correlation, the next great worm, instant messaging security, homeland security, security engineering throughout the enterprise, intellectual property defense and transaction trustworthiness and auditing. -http://www.techweb.com/wire/story/TWB20030328S0007

[Editor's Note (Northcutt): I might add sendmail, but from what I interpret from Netcraft survey data, there are still at least 300,000 WebDAV vulnerable IIS Servers, so I certainly agree web service security belongs at the top. If your site runs IIS make sure you are on the patch. -http://news.netcraft.com/archives/2003/03/18/three_quarters_of_microsoftiis_sites_have_webdav_enabled.html]

OMB Says Federal Agencies Doing Better On Security (27 March 2003)

After flunking most agencies last year, OMB is ready to send out better grades this year, claiming progress was made "across the government." OMB is ready to cut off funds to agencies that have not corrected security problems. -http://www.gcn.com/vol1_no1/daily-updates/21510-1.html

Hotmail Caps Outgoing Email Messages To Curb Spam (27 March 2003)

Microsoft has reduced the number of messages people using its free Hotmail service can send each day to 100 from 500, in an attempt to cut down on spam. -http://news.bbc.co.uk/1/hi/technology/2890661.stm

NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt,
Alan Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editors: Bruce Schneier and Hal Pomeranz
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), visit https://portal.sans.org/preferences.php/

To update your address, visit http://www.sans.org/sansurl and enter your SD number (from the header of this email). You will receive your personal URL via email.